Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c9/40498e-d1c0-484c-abcb-61e7f40d5dd6/1/96WT5FytarZ05IjRuFbC54RPoZ0.roa
File:                     96WT5FytarZ05IjRuFbC54RPoZ0.roa (raw, json)
Hash identifier:          5ug8siROjy4VLZIuvuNaCChigNtUitO0ITOEkGJ9SYA=
Subject key identifier:   F7:A5:93:E4:5C:AD:6A:B6:74:E4:88:D1:B8:56:C2:E7:84:4F:A1:9D
Certificate issuer:       /CN=aebf394e2f1b251c88d988a87161084580786ef5
Certificate serial:       018CC5DD37C69D0578774CDD110067FC3354
Authority key identifier: AE:BF:39:4E:2F:1B:25:1C:88:D9:88:A8:71:61:08:45:80:78:6E:F5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rr85Ti8bJRyI2YiocWEIRYB4bvU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c9/40498e-d1c0-484c-abcb-61e7f40d5dd6/1/96WT5FytarZ05IjRuFbC54RPoZ0.roa
Signing time:             Mon 01 Jan 2024 16:30:58 +0000
ROA not before:           Mon 01 Jan 2024 16:30:58 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16347
IP address blocks:        5.182.252.0/22 maxlen: 24
                          212.51.160.0/19 maxlen: 24
                          91.103.232.0/21 maxlen: 24
                          45.142.172.0/22 maxlen: 24
                          128.127.128.0/20 maxlen: 24
                          149.255.136.0/22 maxlen: 24
                          149.255.136.0/21 maxlen: 24
                          37.58.128.0/17 maxlen: 24
                          81.22.216.0/21 maxlen: 24
                          193.108.197.0/24 maxlen: 24
                          185.67.88.0/22 maxlen: 24
                          103.77.32.0/22 maxlen: 24
                          146.247.88.0/21 maxlen: 24
                          103.232.172.0/22 maxlen: 24
                          178.249.160.0/21 maxlen: 24
                          185.42.132.0/22 maxlen: 24
                          213.151.166.0/24 maxlen: 24
                          213.151.172.0/23 maxlen: 24
                          103.229.36.0/23 maxlen: 24
                          213.151.171.0/24 maxlen: 24
                          213.151.168.0/23 maxlen: 24
                          37.18.160.0/20 maxlen: 24
                          213.151.174.0/24 maxlen: 24
                          213.151.175.0/24 maxlen: 24
                          91.217.94.0/23 maxlen: 24
                          62.102.224.0/19 maxlen: 24
                          185.208.248.0/22 maxlen: 24
                          185.65.224.0/22 maxlen: 24
                          92.61.72.0/21 maxlen: 24
                          109.69.192.0/21 maxlen: 24
                          94.127.8.0/21 maxlen: 24
                          185.204.140.0/22 maxlen: 24
                          185.79.148.0/22 maxlen: 24
                          46.20.160.0/20 maxlen: 24
                          213.108.64.0/21 maxlen: 24
                          109.237.240.0/20 maxlen: 24
                          188.66.56.0/22 maxlen: 24
                          2a03:4c00::/29 maxlen: 48
                          2a01:728::/29 maxlen: 48

Validation:               Failed, certificate revoked on Tue 20 Feb 2024 16:22:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dd:37:c6:9d:05:78:77:4c:dd:11:00:67:fc:33:54
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=aebf394e2f1b251c88d988a87161084580786ef5
        Validity
            Not Before: Jan  1 16:30:58 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f7a593e45cad6ab674e488d1b856c2e7844fa19d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:49:bc:9c:0b:2e:9a:e3:d7:6a:7b:e0:37:17:
                    55:29:bb:09:83:fd:ff:8e:48:9f:53:8b:a8:1d:b8:
                    55:42:9e:cb:54:fd:d3:45:00:6c:26:d5:39:38:a5:
                    5c:54:ed:05:e4:96:6f:67:6c:be:13:a2:48:9e:4d:
                    e1:52:9b:62:6b:ae:4d:6c:36:68:f8:6d:7c:4b:b1:
                    25:46:16:0b:dd:92:ea:1a:8d:35:7c:d0:89:87:35:
                    11:d4:3a:91:84:98:c6:7a:66:e3:15:88:72:91:cf:
                    fa:74:96:69:cc:25:3a:02:19:13:38:f9:b6:1b:63:
                    3f:47:7f:4e:3b:cb:90:bc:06:05:5a:7e:28:a8:90:
                    85:43:e9:38:1b:b3:7d:06:e5:47:cd:b1:27:fe:b8:
                    d9:98:c9:dc:93:64:2a:4e:1c:16:f3:43:ec:78:7a:
                    7c:74:72:49:2d:58:c0:30:e4:71:ab:d8:96:db:09:
                    ff:f7:03:bb:93:97:7c:06:24:07:6b:95:36:f7:9d:
                    49:7b:1e:1b:be:a5:83:c0:8e:fe:94:3c:d0:3b:c0:
                    e5:9d:c6:0b:73:d2:d0:fc:df:c9:dd:d6:38:2a:f1:
                    4b:0d:34:0c:d6:c8:71:cb:64:e6:4c:59:ef:67:06:
                    d4:b1:d4:9b:b0:8f:16:a5:ca:02:8f:06:c3:03:36:
                    6c:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F7:A5:93:E4:5C:AD:6A:B6:74:E4:88:D1:B8:56:C2:E7:84:4F:A1:9D
            X509v3 Authority Key Identifier:
                keyid:AE:BF:39:4E:2F:1B:25:1C:88:D9:88:A8:71:61:08:45:80:78:6E:F5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rr85Ti8bJRyI2YiocWEIRYB4bvU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c9/40498e-d1c0-484c-abcb-61e7f40d5dd6/1/96WT5FytarZ05IjRuFbC54RPoZ0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c9/40498e-d1c0-484c-abcb-61e7f40d5dd6/1/rr85Ti8bJRyI2YiocWEIRYB4bvU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.182.252.0/22
                  37.18.160.0/20
                  37.58.128.0/17
                  45.142.172.0/22
                  46.20.160.0/20
                  62.102.224.0/19
                  81.22.216.0/21
                  91.103.232.0/21
                  91.217.94.0/23
                  92.61.72.0/21
                  94.127.8.0/21
                  103.77.32.0/22
                  103.229.36.0/23
                  103.232.172.0/22
                  109.69.192.0/21
                  109.237.240.0/20
                  128.127.128.0/20
                  146.247.88.0/21
                  149.255.136.0/21
                  178.249.160.0/21
                  185.42.132.0/22
                  185.65.224.0/22
                  185.67.88.0/22
                  185.79.148.0/22
                  185.204.140.0/22
                  185.208.248.0/22
                  188.66.56.0/22
                  193.108.197.0/24
                  212.51.160.0/19
                  213.108.64.0/21
                  213.151.166.0/24
                  213.151.168.0/23
                  213.151.171.0-213.151.175.255
                IPv6:
                  2a01:728::/29
                  2a03:4c00::/29

    Signature Algorithm: sha256WithRSAEncryption
         52:11:ab:c7:44:c4:5d:da:0f:50:0b:88:48:81:31:52:24:35:
         c5:e6:8f:eb:98:f8:19:23:84:c1:91:97:db:0d:36:7d:4f:a3:
         84:98:b7:79:43:d6:15:5d:d4:4d:0d:38:8b:09:21:34:68:67:
         85:db:4d:b3:2a:24:2c:08:01:33:ea:4b:84:42:ff:70:d4:ae:
         29:71:a7:d1:31:72:b4:46:3c:35:a5:91:f0:b4:60:0b:22:bb:
         ed:54:58:b6:16:d2:28:88:cc:ec:3c:5e:b5:d2:4e:ef:07:34:
         32:67:b4:07:e5:2a:7c:04:0c:55:d7:72:52:24:1f:1a:b6:ea:
         bc:8e:31:d1:3a:09:f6:6f:17:08:1a:c7:9d:15:5b:90:41:7c:
         1b:88:ad:eb:25:24:60:87:a1:40:fb:a9:02:32:41:84:4e:36:
         70:54:aa:3f:17:e5:92:cf:98:3c:76:67:da:c3:53:c6:b9:95:
         57:83:73:c8:d8:28:7f:20:fc:5a:fb:2c:d2:cb:8b:ab:49:01:
         08:1f:7d:75:2f:f6:c7:01:2e:de:26:ed:68:6a:73:dc:ce:f9:
         eb:b9:88:1b:16:ad:7e:30:f2:cc:75:0a:35:15:73:9a:8d:2f:
         fb:cf:42:41:e3:d4:ad:c8:9b:80:b4:db:46:54:fe:0c:54:2b:
         83:6a:f3:64
-----BEGIN CERTIFICATE-----
MIIF4TCCBMmgAwIBAgISAYzF3TfGnQV4d0zdEQBn/DNUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFlYmYzOTRlMmYxYjI1MWM4OGQ5ODhhODcxNjEwODQ1ODA3
ODZlZjUwHhcNMjQwMTAxMTYzMDU4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmN2E1OTNlNDVjYWQ2YWI2NzRlNDg4ZDFiODU2YzJlNzg0NGZhMTlkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhUm8nAsumuPXanvgNxdVKbsJg/3/
jkifU4uoHbhVQp7LVP3TRQBsJtU5OKVcVO0F5JZvZ2y+E6JInk3hUptia65NbDZo
+G18S7ElRhYL3ZLqGo01fNCJhzUR1DqRhJjGembjFYhykc/6dJZpzCU6AhkTOPm2
G2M/R39OO8uQvAYFWn4oqJCFQ+k4G7N9BuVHzbEn/rjZmMnck2QqThwW80PseHp8
dHJJLVjAMORxq9iW2wn/9wO7k5d8BiQHa5U2951Jex4bvqWDwI7+lDzQO8DlncYL
c9LQ/N/J3dY4KvFLDTQM1shxy2TmTFnvZwbUsdSbsI8WpcoCjwbDAzZsWwIDAQAB
o4IC7TCCAukwHQYDVR0OBBYEFPelk+RcrWq2dOSI0bhWwueET6GdMB8GA1UdIwQY
MBaAFK6/OU4vGyUciNmIqHFhCEWAeG71MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcnI4NVRpOGJKUnlJMllpb2NXRUlSWUI0YnZVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOS80MDQ5OGUtZDFjMC00ODRjLWFiY2It
NjFlN2Y0MGQ1ZGQ2LzEvOTZXVDVGeXRhclowNUlqUnVGYkM1NFJQb1owLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOS80MDQ5OGUtZDFjMC00ODRjLWFiY2ItNjFlN2Y0MGQ1ZGQ2
LzEvcnI4NVRpOGJKUnlJMllpb2NXRUlSWUI0YnZVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBAQYIKwYBBQUHAQcBAf8EgfEwge4wgdUEAgABMIHOAwQC
Bbb8AwQEJRKgAwQHJTqAAwQCLY6sAwQELhSgAwQFPmbgAwQDURbYAwQDW2foAwQB
W9leAwQDXD1IAwQDXn8IAwQCZ00gAwQBZ+UkAwQCZ+isAwQDbUXAAwQEbe3wAwQE
gH+AAwQDkvdYAwQDlf+IAwQDsvmgAwQCuSqEAwQCuUHgAwQCuUNYAwQCuU+UAwQC
ucyMAwQCudD4AwQCvEI4AwQAwWzFAwQF1DOgAwQD1WxAAwQA1ZemAwQB1ZeoMAwD
BADVl6sDBATVl6AwFAQCAAIwDgMFAyoBBygDBQMqA0wAMA0GCSqGSIb3DQEBCwUA
A4IBAQBSEavHRMRd2g9QC4hIgTFSJDXF5o/rmPgZI4TBkZfbDTZ9T6OEmLd5Q9YV
XdRNDTiLCSE0aGeF202zKiQsCAEz6kuEQv9w1K4pcafRMXK0Rjw1pZHwtGALIrvt
VFi2FtIoiMzsPF610k7vBzQyZ7QH5Sp8BAxV13JSJB8atuq8jjHROgn2bxcIGsed
FVuQQXwbiK3rJSRgh6FA+6kCMkGETjZwVKo/F+WSz5g8dmfaw1PGuZVXg3PI2Ch/
IPxa+yzSy4urSQEIH311L/bHAS7eJu1oanPczvnruYgbFq1+MPLMdQo1FXOajS/7
z0JB49StyJuAtNtGVP4MVCuDavNk
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:53:46 2024 by rpki-client on console-fra.rpki-client.org